Code review comments: HTML and inline css styles are not escaped 

## Inline styles

A user can create comments that contain HTML elements and inline css styles:

![Screenshot 2023-03-23 at 3 58 29 PM](https://user-images.githubusercontent.com/121207468/227364586-85dc79c0-488d-47be-a947-685c3cd4de73.png)

![Screenshot 2023-03-23 at 3 58 49 PM](https://user-images.githubusercontent.com/121207468/227364595-dcc765e9-808a-4701-851d-1313fe96cfcc.png)

## <script>

A comment can include a `<script>` tag. However, initial tests show that the script will **not** run:

![Screenshot 2023-03-23 at 4 18 17 PM](https://user-images.githubusercontent.com/121207468/227365334-bcbe5be0-10f3-43e6-bb5f-50c97960febc.png)

![Screenshot 2023-03-23 at 4 18 37 PM](https://user-images.githubusercontent.com/121207468/227365347-42b5ec9a-2818-4292-9f93-f4e66ab6c5c1.png)

 ## Expected behavior: 
 
-  Should only standard markdown be supported for code review comments?
-  Should a user be allowed to create HTML elements and use inline styles?








Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Code review comments: HTML and inline css styles are not escaped #2851

Inline styles

<script>

Expected behavior:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Code review comments: HTML and inline css styles are not escaped #2851

Description

Inline styles

<script>

Expected behavior:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions